Intel Sheds McAfee
Intel has sold the Intel Security business for $3.5bn less than it paid for it six years ago.
Intel Security, previously and better known as McAfee, has been sold to private equity firm TPG for $4.2bn, despite Intel paying $7.7bn for it in 2010.
The chip firm will receive $3.1bn in cash as part of the transaction and retain a 49 per cent minority stake. TPG will take control with a 51 per cent stake, and will invest $1.1bn in the company.
Intel Security is based on the McAfee business and was renamed two years ago. The company will revert to the better known McAfee brand, despite John McAfee reportedly suing Intel over the use of his name.
The transaction is expected to close in the second quarter of 2017, and Chris Young, general manager of Intel Security Group, will become CEO of McAfee.
Young described TPG in an open letter to stakeholders as a “seasoned technology investor” that was “attracted to our current momentum and long-term potential”.
He claimed that McAfee currently protects “more than a quarter of a billion endpoints” and more than 200 million consumers, and is present in two thirds of the world’s 2,000 largest companies.
Intel CEO Brian Krzanich claimed that, despite the sale, security “remains important in everything we do at Intel”.
“We will continue to integrate industry-leading security and privacy capabilities in our products from the cloud to billions of smart, connected computing devices,” he added.
Bryan Taylor, a partner at TPG, said that the company had “long identified the cyber security sector, which has experienced strong growth due to the increasing volume and severity of cyber attacks, as one of the most important areas in technology”.
Intel’s acquisition of McAfee Security in 2010 was intended to enable the company to beef up security around PCs and sell McAfee antivirus and other security software around its core business.
However, the combination never worked as the money to be made in the security business became increasingly focused on the data center and cloud computing.
Courtesy-TheInq
Is Intel Going To Dump McAfee
Intel has run out of ideas about what it is going to do with it its security business and is apparently planning to flog it off.
Five years ago Intel bought McAfee for $7.7bn acquisition. Two years ago it re-branded it as Intel Security. There was talk about chip based security and how important this would be as the world moved to the Internet of Things.
Now the company has discussed the future of Intel Security with bankers, including potentially the outfit. The semiconductor company has been shifting its focus to higher-growth areas, such as chips for data center machines and Internet-connected devices, as the personal-computer market has declined.
The security sector has seen a lot of interest from private equity buyers. Symantec said earlier this month it was acquiring Web security provider Blue Coat for $4.65 billion in cash, in a deal that will see Silver Lake, an investor in Symantec, enhancing its investment in the merged company, and Bain Capital, majority shareholder in Blue Coat, reinvesting $750 million in the business through convertible notes.
However Intel’s move into the Internet of Things does make it difficult for it to exit the security business completely. In fact some analysts think it will only sell of part of the business and keep some key bits for itself.
Courtesy-Fud
Was WordPress Compromised Again?
The service set up by WordPress to better support WordPress has failed users by suffering a security breach and behaving just like the rest of the internet.
WordPress, and its themes, are often shone with the dark light of the security vulnerability, but we do not hear of WP Engine often. Regardless of that, it seems to do good business and is reaching out to those that it does business with to tell them what went wrong and what they need to do about it.
A reasonable amount of threat mitigation is required, and if you are affected by the issue you are going to have to change your password – again, and probably keep a cautious eye on the comings and goings of your email and financial accounts.
“At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials. Out of an abundance of caution, we are proactively taking security measures across our entire customer base,” says the firm in an urgent missive on its web pages.
“We have begun an investigation, however there is immediate action we are taking. Additionally, there is action that requires your immediate attention.”
That action, is probably to panic in the short term, and then to change your password and cancel out any instances of its re-use across the internet. You know the drill, this is a daily thing right. Judging by the WordPress statement we are in the early days of internal investigation.
“While we have no evidence that the information was used inappropriately, as a precaution, we are invalidating the following five passwords associated with your WP Engine account,” explains WordPress as it reveals the sale of its – actually, your, problem. “This means you will need to reset each of them.”
Have fun with that.
Courtesy-TheInq
Microsoft To Block SHA-1 Hashing
Software Giant Microsoft has joined Mozilla and will consider blocking the SHA-1 hashing algorithm on Windows to keep the US spooks from using it to spy on users computers.
Redmond had earlier said that Windows would block SHA-1 signed TLS (Transport Layer Security) certificates from January 1, 2017, but is now mulling moving up the date to June.
There have been concerns about the algorithm’s security as researchers have proven that a forged digital certificate that has the same SHA-1 hash as a legitimate one can be created. Users can then be tricked into interacting with a spoofed site in what is called a hash collision.
In October, a team of cryptoanalysts warned that the SHA-1 standard should be withdrawn as the cost of breaking the encryption had dropped faster than expected to US$75,000 to $120,000 in 2015 using freely available cloud computing.
Programme manager for Microsoft Edge Kyle Pflug wrote in his blog that Redmond will coordinate with other browser vendors to evaluate the impact of this timeline based on telemetry and current projections for feasibility of SHA-1 collisions.
Mozilla said in October that in view of recent attacks it was considering a cut-off of July 1, 2016 to start rejecting all SHA-1 SSL certificates, regardless of when they were issued, ahead of an earlier scheduled date of January 1, 2017.
Courtesy- http://www.thegurureview.net/computing-category/microsoft-to-block-sha-1-hashing.html
Is Mastercard Going With Selfies?
July 17, 2015 by admin
Filed under Around The Net
Comments Off on Is Mastercard Going With Selfies?
Mastercard has announced plans to roll out a verification technology that requires a selfie to process payments. The industry’s latest move in the shameless act of narcissism is a biometric face scanning technology that will let customers replace their PINs with their face, according to MasterCard chief product security officer, Ajay Bhalla. Bhalla told CNN Money that the multinational financial services corporation has teamed up with all the major phone manufacturers to deliver the technology. “The new generation, which is into selfies, I think they’ll find it cool. They’ll embrace it. This [app] seamlessly integrates biometrics into the overall payment experience,” he said. “You can choose to use your fingerprint or your face. You tap it, the transaction is OK’ed and you’re done.” The selfie payment feature will roll out on a trial basis first in the US, with a full scale deployment to follow at an unspecified date. The system requires users to blink when prompted once they have held their device at eye-level for the checkout process to complete. This ensures that potential cyber crooks cannot use a still image of the user to hack into their personal account. MasterCard announced last month that all retail outlets across Europe will accept contactless payments by 2020, paving the way for wider adoption of mobile payment solutions. Mike Cowan, head of emerging payments products at MasterCard, revealed at the company’s Future of Payments event in London that Europeans will soon be able to tap to pay anywhere. “From the beginning of 2016 any new payment terminal that gets deployed must accept contactless, and every single terminal must accept it by 2020,” he said. This means that new point of sale terminals must adhere to the new standard on deployment from 1 January 2016, while existing terminals that don’t yet support contactless payments must be replaced by 1 January 2020 at the latest. Source
Facebook To Require Stronger Digital Signature
Comments Off on Facebook To Require Stronger Digital Signature
Facebook will require application developers to adopt a more secure type of digital signature for their apps, which is used to verify a program’s legitimacy.
As of Oct. 1, apps will have to use SHA-2 certificate signatures rather than ones signed with SHA-1. Both are cryptographic algorithms that are used to create a hash of a digital certificate that can be mathematically verified.
Apps that use SHA-1 after October won’t work on Facebook anymore, wrote Adam Gross, a production engineer at the company, in a blog post.
“We recommend that developers check their applications, SDKs, or devices that connect to Facebook to ensure they support the SHA-2 standard,” Gross wrote.
SHA-1 has been considered weak for about a decade. Researchers have shown it is possible to create a forged digital certificate that carries the same SHA-1 hash as legitimate one.
The type of attack, called a hash collision, could trick a computer into thinking it is interacting with a legitimate digital certificate when it actually is a spoofed one with the same SHA-1 hash. Using such a certificate could allow an attacker to spy on the connection between a user and an application or website.
Microsoft, Google, Mozilla and other organizations have also moved away from SHA-1 and said they will warn users of websites that are using a connection that should not be trusted.
The Certificate and Browser Forum, which developers best practices for web security, has recommended in its Baseline Requirements that digital certificate issuers stop using SHA-1 as of Jan. 1.
Google Moves To Drop CAPTCHA
December 16, 2014 by admin
Filed under Around The Net
Comments Off on Google Moves To Drop CAPTCHA
Google announced that it is trying to get rid of those annoying CAPTCHAs required by websites, which is short for Completely Automated Public Turing test to tell Computers and Humans Apart.
Instead of requiring that users fill in the letters and numbers shown in a distorted image, sites that use Google’s reCAPTCHA service will be able to use just one click, answering a simple question: Are you a robot?
“reCAPTCHA protects the websites you love from spam and abuse,” wrote Vinay Shet, product manager for Google’s reCAPTCHA service, in a blog post. “For years, we’ve prompted users to confirm they aren’t robots by asking them to read distorted text and type it into a box… But, we figured it would be easier to just directly ask our users whether or not they are robots. So, we did! ”
Google on Wednesday began rolling out a new API that rethinks the reCAPTCHA experience.
CAPTCHA “can be hard to read and frustrating for people, particularly on mobile devices,” said Zeus Kerravala, an analyst with ZK Research. “People often have to put in the text several times. On the surface, this seems a good way to improve the user experience. It still requires human intervention, just something simpler.”
CAPTCHAs were created to foil computer programs that hackers or spammers use to troll for access to websites or to collect email addresses.
Google said CAPTCHAs are less useful than they have been, although they are still frustrating to everyday users.
“CAPTCHAs have long relied on the inability of robots to solve distorted text,’ wrote Shet. “However, our research recently showed that today’s artificial intelligence technology can solve even the most difficult variant of distorted text at 99.8% accuracy. Thus distorted text, on its own, is no longer a dependable test.”
The new API, along with Google’s ability to analyze a user’s actions — before, during, and after clicking on the reCAPTCHA box — let’s the new technology figure out if the user is human or not.
“The new API is the next step in this steady evolution,” Shet stated. “Now humans can just check the box and in most cases, they’re through the challenge.”
McAfee’s Biometric Software Coming Soon
Comments Off on McAfee’s Biometric Software Coming Soon
A McAfee security product that will use biometric technology to authenticate users will be available for download by the end of the year, said Kirk Skaugen, senior vice president and general manager of the PC Client Group at Intel, last week.
“Your biometrics basically eliminate the need for you to enter passwords for Windows log in and eventually all your websites ever again,” Skaugen said.
Further product details were not immediately available. But one of the major inconveniences in using PCs and tablets is remembering passwords, which biometrics can tame.
An average user has about 18 passwords and biometric authentication will make PCs easier to use, Skaugen said.
Biometric authentication isn’t new. It’s being used in Apple Pay, where fingerprint authentication helps authorize credit card payments through the iPhone or iPad. Intel has been working on multiple forms of biometric authentication through fingerprint, gesture, face and voice recognition.
McAfee is owned by Intel, and the chip maker is building smartphone, tablet and PC technology that takes advantage of the security software. Intel has also worked on biometric technology for wearable devices like SMS Audio’s BioSport In-Ear Headphones, which can measure a person’s heart rate.
Intel also wants to make PCs and tablets easier to use through wireless charging, display, docking and data transfers. Such capabilities would eliminate the need to carry power brick and cables for displays and data transfers. Such capabilities will start appearing in laptops next year with sixth-generation Core chips code-named Skylake, which will be released in the second half.
MasterCard Testing New Fingerprint Reader
October 29, 2014 by admin
Filed under Consumer Electronics
Comments Off on MasterCard Testing New Fingerprint Reader
MasterCard is trying out a contactless payment card with a built-in fingerprint reader that can authorize high-value payments without requiring the user to enter a PIN.
The credit-card company showed a prototype of the card in London on Friday along with Zwipe, the Norwegian company that developed the fingerprint recognition technology.
The contactless payment card has an integrated fingerprint sensor and a secure data store for the cardholder’s biometric data, which is held only on the card and not in an external database, the companies said.
The card also has an EMV chip, used in European payment cards instead of a magnetic stripe to increase payment security, and a MasterCard application to allow contactless payments.
The prototype shown Friday is thicker than regular payment cards to accommodate a battery. Zwipe said it plans to eliminate the battery by harvesting energy from contactless payment terminals and is working on a new model for release in 2015 that will be as thin as standard cards.
Thanks to its fingerprint authentication, the Zwipe card has no limit on contactless payments, said a company spokesman. Other contactless cards can only be used for payments of around €20 or €25, and some must be placed in a reader and a PIN entered once the transaction reaches a certain threshold.
Norwegian bank Sparebanken DIN has already tested the Zwipe card, and plans to offer biometric authentication and contactless communication for all its cards, the bank has said.
MasterCard wants cardholders to be able to identify themselves without having to use passwords or PINs. Biometric authentication can help with that, but achieving simplicity of use in a secure way is a challenge, it said.
Is The Tesla Hackable?
It’s the curse of the connected car once it’s linked to the Internet, it’s, well, on the Internet. In the case of the Tesla Model S, this means that mischievous hackers could, in theory, control some functions of the vehicle and even snoop without the owner’s knowledge.
Tesla offers Android and iPhone apps for Model S owners, which can be used to check the vehicle’s battery, track its location and status, and tweak several other settings, like climate control and the sunroof. It can also be used to unlock the doors on the Model S.
Dell senior engineer George Reese says the REST API used by Tesla to provide access for Android and iPhone apps has several fairly serious security flaws, which could offer a way in for unscrupulous hackers.
According to an article written by Reese for O’Reilly, Tesla appears to have broken from accepted best practice when designing the API for the Model S.
“It’s flawed in a way that makes no sense. Tesla ignored most conventions around API authentication and wrote their own. As much as I talk about the downsides to OAuth (a standard for authenticating consumers of REST APIs–Twitter uses it), this scenario is one that screams for its use,” he wrote.
However, Reese notes, this is merely a potential attack vector, not one that could be immediately exploited. That said, a compromised website particularly one designed to provide “value-added services” via the API to Tesla drivers could prove highly damaging.
“I can … honk their horns, flash their lights, and open and close the sunroof. While none of this is catastrophic, it can certainly be surprising and distracting while someone is driving,” Reese wrote.
Automotive hacking has been posited by experts for some time, and several presentations at this year’s Defcon detailed fairly comprehensive methods of compromising some models.